labs:disassembly

Differences

This shows you the differences between two versions of the page.

labs:disassembly [2017/03/23 14:35]
manuelei
labs:disassembly [2020/08/31 21:03] (current)
Line 2: Line 2:
  
 In this lab you learn how code and data are represented in memory and how to make low-level changes to a program in an assembly language. You will create modifications (mods) to a game. In this lab you learn how code and data are represented in memory and how to make low-level changes to a program in an assembly language. You will create modifications (mods) to a game.
 +
 +===== Mount your home directory =====
 +Use the following commands to connect to your remote home directory:
 +
 +  * ''​mkdir tardis-home/''​
 +  * ''​sshfs <​yournethzlogin>​@login.ee.ethz.ch:​ tardis-home/''​
 +
 +Store all your files during this lab in a folder below tardis-home,​ so it is stored remotely in case your machine crashes.
  
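Review bot: the sshfs command in the new "Mount your home directory" section is correct but easy to misread, because the bare colon after `login.ee.ethz.ch` with no remote path is exactly what makes sshfs mount the remote home directory; say so in one sentence so nobody "fixes" the line by deleting the colon. The section also has no matching unmount step to close the procedure; adding `fusermount -u tardis-home/` at the end of the lab would tell students how to detach the mount cleanly before leaving the machine.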
 ===== Exercises ===== ===== Exercises =====
 +   * 0) Download and unpack the ZIP file with the the material for this lab from http://​www.disco.ethz.ch/​lectures/​ti2fp/​exercises/​disassembly.zip. It contains the necessary files for exercises 1&2.
  
-   * Download the ZIP file with the the material for this lab from http://​www.disco.ethz.ch/​lectures/​ti2fp/​exercises/​disassembly.zip. Unpack it to some local folder. 
  
-   * 1) Find the correct input to defuse ​the "bomb".+   * 1) Execute ​the program bomb. It tells your to find a correct input to defuse ​its 'bomb'. Find the correct input by disassembling the program or looking at the HEX-representation.
  
-   * 2) When you run this program, a pop-up will appear that asks you to pay for a license. Disable this pop-up (or postpone it for a long time).+   * 2) When you run this program ​(TuxRaR), a pop-up will appear that asks you to pay for a license. Disable this pop-up (or postpone it for a long time).
  
    * 3) Now, you are ready to hack into SuperTuxKart! The game is installed on your machines. Show us your abilities by modifying the game in cool ways. For instance, make your kart faster, get better items, etc. Before you start modifying the binary, we recommend you to save a backup copy of it so when you break the game, you always have a clean copy. If you prefer, you can also modify a different game. \\ Hint: Have a look at the %%--%%demangle option of objdump.    * 3) Now, you are ready to hack into SuperTuxKart! The game is installed on your machines. Show us your abilities by modifying the game in cool ways. For instance, make your kart faster, get better items, etc. Before you start modifying the binary, we recommend you to save a backup copy of it so when you break the game, you always have a clean copy. If you prefer, you can also modify a different game. \\ Hint: Have a look at the %%--%%demangle option of objdump.
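Review bot: two typos in the rewritten exercise list: "the the material" in item 0 should be "the material", and "It tells your to find" in item 1 should be "It tells you to find" ("HEX-representation" would also read better as "hex representation"). Item 0 says the ZIP holds the files for exercises 1&2 while only item 2 names its program (TuxRaR); listing the file names in item 0 would make clear which binary belongs to which exercise.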
  
 ===== Recommended Tools ===== ===== Recommended Tools =====
- 
   * Text editor: Geany   * Text editor: Geany
-  * Hex editorBless+  * Hex editorswxHexEditor,​ ghex
   * Disassembler:​ objdump   * Disassembler:​ objdump
-  * Web assembler/​disassembler:​ https://​defuse.ca/​online-x86-assembler.htm (Attention: Uses Intel syntax, which has arguments in different order than objdump)+  * Web assembler/​disassembler:​ https://​defuse.ca/​online-x86-assembler.htm (Attention: Uses Intel syntax, which has arguments in different order than objdump.)
  
   * IA-32 cheat sheet (GNU format): http://​www.cs.utsa.edu/​~clark/​cs3843/​IA32cheatSheet.pdf   * IA-32 cheat sheet (GNU format): http://​www.cs.utsa.edu/​~clark/​cs3843/​IA32cheatSheet.pdf
   * Intel IA-32 instruction set reference: http://​www.intel.com/​content/​dam/​www/​public/​us/​en/​documents/​manuals/​64-ia-32-architectures-software-developer-instruction-set-reference-manual-325383.pdf   * Intel IA-32 instruction set reference: http://​www.intel.com/​content/​dam/​www/​public/​us/​en/​documents/​manuals/​64-ia-32-architectures-software-developer-instruction-set-reference-manual-325383.pdf
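Review bot: the parenthetical on the online assembler line warns that Intel syntax orders operands differently from objdump, but omits the simplest remedy: objdump can print Intel syntax itself with `objdump -d -M intel`, so both tools then agree. Since the cheat sheet is labelled "GNU format" (AT&T syntax) and the Intel manual uses Intel syntax, a short line saying which reference matches which tool output would save students a lot of confusion.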
  
-  ​We have written a tool which allows you to insert your own machine code (produced e.g. with as) into SuperTuxKart. It is contained in the same zip folder as the other executables\\ Usage: ​./elf_tool <​executable_file>​ <​new_machine_code_file (inject_code.bin)>​ <​insertion_address>​. \\ The tool inserts ​the code into the executable, and writes a jump to the new code at the specified insertion_address (given in hexadecimal,​ e.g. 80487f0). Note that the inserted jump will **overwrite 6 bytes** of the code, so if the overwritten code is still needed, you have to repeat it in your new code+===== Hints for SuperTuxKart Modding ===== 
-  * AssemblingWrite assembly in a file called inject_code.s and execute ​the following command to get the machine code binary file required for the elf_tool: as %%--%%32 -o inject_code.o inject_code.s && objcopy -O binary inject_code.o inject_code.bin && rm inject_code.o +  ​Some items and events slow karts down, that is, their maximum speed is reducedDisable ​the function which sets this slowdown. 
 +  * Karts' maximum speed can be increased by some eventsPrevent ​the maximum speed from being reset to its original value. 
 +  ​Karts are slowed down when being off the track
 +  * Infinite nitroWhen nitro is burned, ​the nitro reservers shrink...
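Review bot: the removed line was the only documentation of elf_tool (its usage `./elf_tool <executable_file> <new_machine_code_file> <insertion_address>`, the warning that the inserted jump overwrites 6 bytes at the insertion address, and the `as --32 ... && objcopy -O binary ...` command that produces inject_code.bin), and the new "Hints for SuperTuxKart Modding" section does not say whether the tool is still shipped or where its usage now lives. If it is still in the ZIP, keep at least the usage line and the 6-byte overwrite note, since failing to repeat the overwritten instructions is exactly what breaks the patched game. Minor: "reservers" should be "reserves", and the last hint ends in "..." and reads as unfinished.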
labs/disassembly.1490276111.txt.gz · Last modified: 2020/08/31 21:03 (external edit)